raccoon | d2cdc827317f6efc127337dbf3ce12f9410ca980572e6a58a0a69ea2e8ab6f17 | Triage

Sharing

General

Target

feeak8vja7
Size

661KB
Sample

240825-dqwd8stdje
MD5

21f7f890c81848cf5da94c2f536be228
SHA1

f78ee20dba07aeb9ec2d2de164d78398185ed4c6
SHA256

d2cdc827317f6efc127337dbf3ce12f9410ca980572e6a58a0a69ea2e8ab6f17
SHA512

a9319e0ff2caa1ad002ef3f67379d787c6bc868028d293344890ba7f91f8621941303e44cf10aa360b31f7f120d536740cd179198232e49d51c288654a91a3bf
SSDEEP

12288:zBSkUiQlxJsyPvGy+fDkv4Wzc63xDGfbM/0/Ku9L9Fi9Im:zBylxJsyPIuxDGfbMMi5

Score

10^/10

raccoon 61eaf7322ab382fcce58d017692ede0a discovery execution stealer

Malware Config

Extracted

Family

raccoon

Botnet

61eaf7322ab382fcce58d017692ede0a

C2

http://77.91.77.96:80

Attributes

user_agent
MrBidenNeverKnow

xor.plain

Targets

- Target
  
  feeak8vja7
- Size
  
  661KB
- MD5
  
  21f7f890c81848cf5da94c2f536be228
- SHA1
  
  f78ee20dba07aeb9ec2d2de164d78398185ed4c6
- SHA256
  
  d2cdc827317f6efc127337dbf3ce12f9410ca980572e6a58a0a69ea2e8ab6f17
- SHA512
  
  a9319e0ff2caa1ad002ef3f67379d787c6bc868028d293344890ba7f91f8621941303e44cf10aa360b31f7f120d536740cd179198232e49d51c288654a91a3bf
- SSDEEP
  
  12288:zBSkUiQlxJsyPvGy+fDkv4Wzc63xDGfbM/0/Ku9L9Fi9Im:zBylxJsyPIuxDGfbMMi5
Score

10^/10

raccoon 61eaf7322ab382fcce58d017692ede0a discovery execution stealer
- Raccoon
  Raccoon is an infostealer written in C++ and first seen in 2019.
  stealer raccoon
- Raccoon Stealer V2 payload
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

raccoon61eaf7322ab382fcce58d017692ede0adiscoveryexecutionstealer

behavioral2